When working with firewalls such as firewalld, the unexpected can happen and you can be locked out of your VPS.
Many VPS providers offer a rescue mode that lets you get access back to your disk.
This how-to shows you how to disable your firewall but you may use it to perform any other maintenance operations.
Reboot your VPS in rescue mode
To reboot your VPS in rescue mode, go to the administration website of your VPS provider. It should offer an action to reboot your VPS in rescue mode.
The rescue mode is just:
- a new machine that boots on a minimal disk with a minimal OS
- and attaches your disk
You then get access to your files and disk. You can perform administrative tasks such as:
- deactivate your firewall
- backup or data recovery
- update your network configuration files
The provider should send you, by email or through their dashboard, the root login and password of the newly created virtual machine.
Login to the rescue VPS and check the disks
Once you have logged in to your machine, the prompt should indicate that it is in rescue mode.
[RESCUE] root@vps-427a1b7c:/ $
You can list the disk partitions with the lsblk command.
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0  2.5G  0 disk
└─sda1   8:1    0  2.5G  0 part /
sdb      8:16   0   80G  0 disk
└─sdb1   8:17   0   80G  0 part
The above output shows two disk devices:
- sda1 of 2.5 Gb mounted at the root, the new VPS
- sdb1 of 80 Gb, not mounted, the disk of your machine that contains all your data.
In a non-rescue mode, you would see only your disk.
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0   80G  0 disk
└─sda1   8:1    0   80G  0 part /
Mount your disk to access your data
To get access to the data on your disk, you need to mount it.
- Create a mount point if necessary (i.e. the directory where your data will be available)
# /mnt may already exist
mkdir -p /mnt
- Mount your disk into this directory
mount /dev/sdb1 /mnt
- Check that you have access to your data
- Modify the root of the file system. This is not always needed, but afterwards every process and file path will treat /mnt as the root of the file system /.
At this stage, you have access to your disk and can search for files:
- by name
find . -name myfile.myextension
- or by content with a pattern
grep -rnw . -e 'how to disable ?'
Disable your firewall service
A service is just a symbolic link in a directory that points to a file:
To disable a service, you just:
- delete this symlink
- or recreate a symlink to /dev/null (meaning that the file does not exist). This technique is also called masking the service.
For systemd, the location of this service link is /etc/systemd/system/.
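For instance, to disable firewalld, you would create the symlink with the following command:
# Inside the chroot; without the chroot, the same path lives under /mnt (/mnt/etc/systemd/system/)
ln -s /dev/null /etc/systemd/system/firewalld.service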
The reboot should happen in the dashboard of your VPS provider because it needs to recreate a VPS with your disk.
Correct your configuration and unmask your service
- with systemd
systemctl unmask firewalld
systemctl start firewalld
- or directly from the file system
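The masking step and the "directly from the file system" unmask, as an added example that is not part of the original how-to: shell functions that operate on the mounted disk without a chroot and keep any unit file already present at that path. The function names, the `.rescue-bak` suffix and the `/mnt` mount point in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: offline mask/unmask of a systemd unit on a mounted disk.
# ROOT is the mount point of the rescued disk (assumed to be /mnt).

# mask_unit ROOT UNIT: point ROOT/etc/systemd/system/UNIT at /dev/null.
mask_unit() {
    root=$1 unit=$2
    dir="$root/etc/systemd/system"
    link="$dir/$unit"
    [ -d "$dir" ] || { echo "no $dir: is the disk mounted?" >&2; return 1; }
    # A unit file or override may already sit at this path: keep a copy
    # instead of letting "ln -s" fail or destroying it.
    if [ -e "$link" ] || [ -L "$link" ]; then
        if [ "$(readlink "$link" 2>/dev/null)" = /dev/null ]; then
            return 0    # already masked, nothing to do
        fi
        mv "$link" "$link.rescue-bak" || return 1
    fi
    ln -s /dev/null "$link"
}

# is_masked ROOT UNIT: succeed only if the unit is a symlink to /dev/null.
is_masked() {
    [ "$(readlink "$1/etc/systemd/system/$2" 2>/dev/null)" = /dev/null ]
}

# unmask_unit ROOT UNIT: remove the mask and restore any saved file.
unmask_unit() {
    link="$1/etc/systemd/system/$2"
    is_masked "$1" "$2" || return 0    # not masked, leave it alone
    rm "$link" || return 1
    [ ! -e "$link.rescue-bak" ] || mv "$link.rescue-bak" "$link"
}

# Usage from the rescue shell, without chroot:
#   mask_unit /mnt firewalld.service     # before rebooting out of rescue mode
#   unmask_unit /mnt firewalld.service   # once the configuration is corrected
```

Until the unit is unmasked, the VPS boots with no firewalld rules loaded, so keep that window short.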
Documentation / Reference
- Big thanks to vmbs for the pointer